Systems and Methods for Intellectual Property-Secured, Remote Debugging

1. A system, comprising: an integrated circuit device; an interface that enables communication between the integrated circuit device and a remote debugging site, wherein the interface enables the integrated circuit device to communicate comprising: sending an encrypted session key in a remote debug process; receiving an acknowledgement from the remote debugging site, wherein the acknowledgement is encrypted based at least in part on a session key derived from the encrypted session key; authenticating the acknowledgement; and in response to authenticating the acknowledgement, initiating a secure session between the integrated circuit device and the remote debugging site, wherein messages sent to the remote debugging site via the interface during the secure session are encrypted via the encrypted session key, wherein the interface comprises a random number generator that generates the session key, wherein the random number generator generates a new session key for each remote debug session.

2. The system of claim 1 , comprising a client-side host device coupled to the integrated circuit device and to the interface, wherein the client-side host device: receives accepted incoming messages from the interface, wherein the accepted incoming messages comprise the incoming messages having an encrypted Joint Test Action Group (JTAG) command; blocks at least a portion of incoming messages that are not the encrypted JTAG commands associated with the remote debug process; and transmits each incoming message comprising the encrypted JTAG command to a central terminal access point (TAP) of the integrated circuit device using a JTAG interface coupled between the client-side host device and the integrated circuit device.

3. The system of claim 2 , wherein the client-side host device continues blocking the at least a portion of the incoming messages that do not include the encrypted JTAG commands after the remote debug process is terminated.

4. The system of claim 2 , wherein the central TAP provides a communication channel into the integrated circuit device from the interface.

5. The system of claim 1 , wherein communication between the integrated circuit device and the remote debugging site occurs over a public network using a Web Socket implementation.

6. The system of claim 5 , wherein the interface enables the integrated circuit device to communicate comprising: requesting the remote debug process; receiving a certificate from the integrated circuit device; and opening a port in a firewall associated with the public network on an integrated circuit device side, wherein the port enables communication with the remote debugging site.

7. The system of claim 6 , wherein the certificate comprises a client-specific password, an identification of the integrated circuit device, and a request to initiate the remote debug process.

8. The system of claim 1 , wherein authenticating the acknowledgement comprises securely transmitting the session key and authenticating a pattern known to the integrated circuit device and the remote debugging site.

9. The system of claim 1 , wherein the messages sent to the remote debugging site comprises an integrity counter, wherein the integrity counter is incremented based on a number of the messages that are sent to the remote debugging site via the interface, and wherein incoming messages received by the integrated circuit device via the interface are authenticated based at least in part on the integrity counter.

10. The system of claim 1 , wherein the integrated circuit device comprises: an authentication finite state machine (FSM) that generates the encrypted session key based on the session key and an authentication key received by the authentication FSM; an encryption/decryption machine that: generates encrypted data based on an output of the authentication FSM; and deciphers encrypted Joint Test Action Group (JTAG) commands received at the integrated circuit device via the interface; a result counter coupled to an encryption portion of the encryption/decryption machine, wherein the result counter adds an integrity counter packet used by the remote debugging site to verify authenticity of the encrypted data; and a packet counter coupled to a decryption portion of the encryption/decryption machine, wherein the packet counter verifies authenticity of received JTAG commands.

11. The system of claim 10 , wherein the authentication FSM remains on while the encryption/decryption machine is at least partially powered down in response to the remote debug process not being enabled, the integrated circuit device being set to a lower power state, or a combination thereof.

12. The system of claim 10 , wherein the encryption/decryption machine generates the encrypted data and decipher the encrypted JTAG commands using an advanced encryption standard (AES) key.

13. The system of claim 10 , wherein the authentication key is stored in a database indexed using an identification of the integrated circuit device, and wherein the database is associated with the remote debugging site.

14. The system of claim 1 , wherein the random number generator generates the new session key in response to voltage reducing in at least a portion of the integrated circuit device.

15. The system of claim 1 , wherein the interface couples to a relay server coupled between the integrated circuit device and the remote debug site.

16. The system of claim 15 , wherein the relay server buffers the integrated circuit device and the remote debug site prevent direct communication between the integrated circuit device and the remote debug site.

17. A method for debugging an integrated circuit device via a debug lab, comprising: verifying, at the debug lab, a request for a remote debug process of an integrated circuit device located at a remote site and received from an interface at the remote site; authenticating, at the debug lab, the request for the remote debug process; polling, at the debug lab, for a status of the remote debug process; receiving, at the debug lab, the status of the remote debug process, wherein the status comprises an encrypted session key generated by the integrated circuit device and an initialized integrity counter; decrypting, at the debug lab, the encrypted session key to generate a session key; verifying that the session key matches an expected session key; in response to the session key matching the expected session key, transmitting an encrypted acknowledgement to the integrated circuit device including the initialized integrity counter to initiate the remote debug process; in response to the initiation of the remote debug process; transmitting encrypted Joint Test Action Group (JTAG) commands to the integrated circuit device based at least in part on the session key derived from the encrypted session key; and receiving encrypted information on internal states of integrated circuit device arrays.